nix-darwin: improve invocation of activation script

In #807 I changed the flag passed to `sudo` from `-i` to `-s` so
`sudo` wouldn't use a non-existent shell defined in the `passwd` file.
kalbasit also reported in that PR that `-i` didn't work for them
anymore on an M1 Mac, presumably because Apple changed something in
newer versions of macOS.

Some users reported that this broke the behavior for them because
`SHELL` was set to a path that didn't even exist on their system. It's
unclear how this came to be but it shows that my assumption that
`SHELL` would be set to a reasonable shell by Home Manager at this
point in the activation is false.

As a way around this problem we can explicitly set `SHELL` when
running the activation script to a value that we know will be good,
like `${pkgs.bash}`.

One change in behavior this causes is that the activation script will
always be run by bash, not the user's shell. If the script is
generated by Home Manager this is fine since it can be generated
taking into account the supported set of functions and behaviors. If
the intent is for the activation script to possibly be run by non-bash
and even non-POSIX shells, like tcsh, ksh or Xonsh, then this fix will
not suffice. Turns out this is indeed an assumption made by Home
Manager, so this is the proper behavior.

Fixes #2900
This commit is contained in:
toonn 2022-06-19 19:00:24 +02:00 committed by Robert Helgesson
parent 5427f3d1f0
commit 610b1d988c
No known key found for this signature in database
GPG key ID: 36BDAA14C2797E89

View file

@ -15,7 +15,7 @@ in {
system.activationScripts.postActivation.text = concatStringsSep "\n"
(mapAttrsToList (username: usercfg: ''
echo Activating home-manager configuration for ${username}
sudo -u ${username} -s --set-home ${
SHELL=${pkgs.bash} sudo -u ${username} -s --set-home ${
pkgs.writeShellScript "activation-${username}" ''
${lib.optionalString (cfg.backupFileExtension != null)
"export HOME_MANAGER_BACKUP_EXT=${